int isThisProcessID( DWORD processID, const char * name ) { CHAR szProcessName[MAX_PATH]; BOOL rc = 0; DWORD len = MAX_PATH; char * p = 0; HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID ); memset(szProcessName, 0, sizeof(szProcessName)); if (hProcess != NULL) { // Get the process name. rc = GetProcessImageFileNameA(hProcess, szProcessName, len); if (rc > 0) { //printf( "%s (PID: %u)\n", szProcessName, processID ); p = strstr(szProcessName, name); if (p != NULL) { //printf("p: %s\n", p); if( _stricmp(p, name) == 0) { CloseHandle( hProcess ); return 1; } } } } // Release the handle to the process. CloseHandle( hProcess ); return 0; }
int APIENTRY WinMain( HINSTANCE, HINSTANCE, LPSTR, int ) { // data HANDLE hProc; DWORD dwPID; HANDLE hThread; PBYTE pData; PBYTE pCode; InjData injData; // prepare data to be injected injData.fnCreateProcess = &CreateProcessA; injData.fnGetAsyncKeyState = &GetAsyncKeyState; injData.fnSleep = &Sleep; injData.fnMessageBox = &MessageBoxA; strcpy( injData.szCmd, PROCESS_COMMAND ); memset( &injData.si, 0, sizeof( injData.si ) ); injData.si.cb = sizeof( injData.si ); memset( &injData.pi, 0, sizeof( injData.pi ) ); // Step 1: Find and gain access to process DWORD nProcesses; DWORD processIDs[MAX_PROCESS_IDS]; EnumProcesses( processIDs, sizeof( processIDs ), &nProcesses ); nProcesses /= sizeof( DWORD ); for ( DWORD i = 0; i < nProcesses; ++i ) { hProc = OpenProcess( PROCESS_ALL_ACCESS, FALSE, processIDs[i] ); if ( hProc ) { char szProcName[MAX_PATH]; GetProcessImageFileNameA( hProc, szProcName, sizeof( szProcName ) ); if ( std::string( szProcName ).find( PROCESS_NAME ) != std::string::npos ) { dwPID = i; break; } } } // Step 2: Allocate block of memory for data in remote process pData = (PBYTE)VirtualAllocEx( hProc, NULL, DATA_CHUNK_SIZE, MEM_COMMIT, PAGE_EXECUTE_READWRITE ); ASSERT( pData != NULL, "allocating memory for data failed =(" ); // Step 3: Copy data to remote process ASSERT( WriteProcessMemory( hProc, pData, &injData, sizeof( InjData ), NULL ), "copying data to memory failed =(" ); // Step 4: Allocate block of memory for code in remote process pCode = (PBYTE)VirtualAllocEx( hProc, NULL, CODE_CHUNK_SIZE, MEM_COMMIT, PAGE_EXECUTE_READWRITE ); ASSERT( pCode != NULL, "allocating memory for code failed =(" ); // Step 5: Copy function to remote process #pragma warning( disable : 4311 ) ASSERT( WriteProcessMemory( hProc, pCode, &ThreadFunc, (SIZE_T)&DummyFunc - (SIZE_T)&ThreadFunc, NULL ), "copying function to memory failed =(" ); #pragma warning( default : 4311 ) // Step 6: Create remote thread! hThread = CreateRemoteThread( hProc, NULL, 0, (LPTHREAD_START_ROUTINE)pCode, pData, 0, NULL ); ASSERT( hThread != NULL, "creating thread failed =(" ) return 0; }
R_API char *r_sys_pid_to_path(int pid) { #if __WINDOWS__ BOOL WINAPI (*QueryFullProcessImageNameA) (HANDLE, DWORD, LPTSTR, PDWORD); DWORD WINAPI (*GetProcessImageFileNameA) (HANDLE, LPTSTR, DWORD); HANDLE kernel32 = LoadLibrary ("Kernel32.dll"); if (!kernel32) { eprintf ("Error getting the handle to Kernel32.dll\n"); return NULL; } QueryFullProcessImageNameA = GetProcAddress (kernel32, "QueryFullProcessImageNameA"); if (!QueryFullProcessImageNameA) { // QueryFullProcessImageName does not exist before Vista, fallback to GetProcessImageFileName HANDLE psapi = LoadLibrary ("Psapi.dll"); if (!psapi) { eprintf ("Error getting the handle to Psapi.dll\n"); return NULL; } GetProcessImageFileNameA = GetProcAddress (psapi, "GetProcessImageFileNameA"); if (!GetProcessImageFileNameA) { eprintf ("Error getting the address of GetProcessImageFileNameA\n"); return NULL; } } HANDLE handle = NULL; TCHAR filename[MAX_PATH]; DWORD maxlength = MAX_PATH; handle = OpenProcess (PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid); if (handle != NULL) { if (QueryFullProcessImageNameA) { if (QueryFullProcessImageNameA (handle, 0, filename, &maxlength) == 0) { eprintf("Error calling QueryFullProcessImageNameA\n"); CloseHandle (handle); return NULL; } } else { if (GetProcessImageFileNameA (handle, filename, maxlength) == 0) { eprintf("Error calling GetProcessImageFileNameA\n"); CloseHandle (handle); return NULL; } } CloseHandle (handle); return strdup (filename); } return NULL; #elif __APPLE__ char pathbuf[PROC_PIDPATHINFO_MAXSIZE]; pathbuf[0] = 0; int ret = proc_pidpath (pid, pathbuf, sizeof (pathbuf)); if (ret <= 0) return NULL; return strdup (pathbuf); #else int ret; char buf[128], pathbuf[1024]; #if __FreeBSD__ snprintf (buf, sizeof (buf), "/proc/%d/file", pid); #else snprintf (buf, sizeof (buf), "/proc/%d/exe", pid); #endif ret = readlink (buf, pathbuf, sizeof (pathbuf)-1); if (ret<1) return NULL; pathbuf[ret] = 0; return strdup (pathbuf); #endif }
BOOL CProcessControl::Get( __in BOOL bCurrentProc, __in ULONG ulPid, __out LPSTR lpOutBuf, __in ULONG ulOutBufSizeCh ) { BOOL bRet = FALSE; HANDLE hProc = NULL; DWORD dwProcPathLenCh = 0; CHAR chProcPathDev[MAX_PATH] = {0}; CHAR chVolNameDev[MAX_PATH] = {0}; CHAR chVolName[MAX_PATH] = {0}; __try { if (!lpOutBuf || !ulOutBufSizeCh || (!bCurrentProc && !ulPid)) { printfPublic("input arguments error. %d %d 0x%p %d", bCurrentProc, ulPid, lpOutBuf, ulOutBufSizeCh); __leave; } ZeroMemory(lpOutBuf, ulOutBufSizeCh * sizeof(CHAR)); if (bCurrentProc) { if (!CModulePath::Get(NULL, lpOutBuf, ulOutBufSizeCh)) { printfPublic("Get failed"); __leave; } bRet = TRUE; __leave; } hProc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, ulPid); if (!hProc) { printfPublic("OpenProcess failed. (%d)", GetLastError()); __leave; } if (m_QueryFullProcessImageNameA) { dwProcPathLenCh = ulOutBufSizeCh; if (!m_QueryFullProcessImageNameA(hProc, 0, lpOutBuf, &dwProcPathLenCh)) { printfPublic("QueryFullProcessImageName failed. (%d)", GetLastError()); __leave; } bRet = TRUE; __leave; } if (!GetProcessImageFileNameA(hProc, chProcPathDev, _countof(chProcPathDev))) { printfPublic("GetProcessImageFileName failed. (%d)", GetLastError()); __leave; } strcat_s(chVolName, _countof(chVolName), "A:"); for (; _T('Z') >= *chVolName; (*chVolName)++) { ZeroMemory(chVolNameDev, sizeof(chVolNameDev)); if (!QueryDosDeviceA(chVolName, chVolNameDev, _countof(chVolNameDev))) { if (2 == GetLastError()) continue; else { printfPublic("QueryDosDevice failed. (%d)", GetLastError()); __leave; } } if (0 == _strnicmp(chProcPathDev, chVolNameDev, strlen(chVolNameDev))) { bRet = TRUE; break; } } if (bRet) { strcat_s(lpOutBuf, ulOutBufSizeCh, chVolName); strcat_s(lpOutBuf, ulOutBufSizeCh, chProcPathDev + strlen(chVolNameDev)); } } __finally { if (hProc) { CloseHandle(hProc); hProc = NULL; } } return bRet; }
void Process::processNameEx(){ DWORD dwRtnCode = 0; DWORD size = 1024; //Надеемся что влезет _pName = (LPSTR)GlobalAlloc( GMEM_FIXED, size); if (_pName == NULL) { DWORD dwErrorCode = 0; dwErrorCode = GetLastError(); throw(ProcessException("GlobalAlloc error = ",dwErrorCode)); } dwRtnCode = GetProcessImageFileNameA(_handle,_pName,size); if (dwRtnCode == 0){ DWORD error = GetLastError(); throw(ProcessException("GetProcesImageFileName error ",error)); } }